CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
53.4%
LibreOffice supports the storage of passwords for web connections in the
user’s configuration database. The stored passwords are encrypted with a
single master key provided by the user. A flaw in LibreOffice existed where
the required initialization vector for encryption was always the same which
weakens the security of the encryption making them vulnerable if an
attacker has access to the user’s configuration data. This issue affects:
The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3
versions prior to 7.3.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libreoffice | < 1:6.0.7-0ubuntu0.18.04.12 | UNKNOWN |
ubuntu | 20.04 | noarch | libreoffice | < 1:6.4.7-0ubuntu0.20.04.5 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2022-26306
nvd.nist.gov/vuln/detail/CVE-2022-26306
security-tracker.debian.org/tracker/CVE-2022-26306
ubuntu.com/security/notices/USN-5661-1
ubuntu.com/security/notices/USN-5694-1
www.cve.org/CVERecord?id=CVE-2022-26306
www.libreoffice.org/about-us/security/advisories/cve-2022-26306